Hi,
This is a bit odd setup.
First of all, why would you use GRE, if only st0.x interface should be sufficient? GRE will add additional overhead.
Also, if you need to configure 2 IPSec tunnels, one via each ISP, then it would be much reasonable to use interface IP towards each ISP as local-address under IKE gateway
------------------------------
FARID AKHUNDOV
------------------------------
Original Message:
Sent: 08-01-2024 17:22
From: Yura Fedoruk
Subject: Advice on configuring Juniper SRX300 IPSec backup tunnel to Mikrotik with two ISP
Hey guys! I'm kinda new to Juniper and i have setup as following:
Juniper SRX300 has gre tunnel gr-0/0/0.0 with IPsec vpn local 10.77.255.1/32; remote 10.59.255.1/32; bind-interface st0.5;
In IKE i have gateway to mikrotik_ISP1 (lets say 1.1.1.1)
I have static routing option named as 10.59.255.1/32 and set to use next-hop st0.5;
I'm trying to find out how to configure the second gre over ipsec with same local and remote ip. With only diference in gateway, it would be mikrotik_ISP2 (lets say 2.2.2.2).
I cannot set second route named the same with difference only in next-hop
Couldn't find any info fitting my problem. Any advices please?
------------------------------
Yura Fedoruk
------------------------------